author | Daniel Shahaf <danielsh@apache.org> | 2020-03-07 21:36:46 +0000 |
---|---|---|
committer | Daniel Shahaf <danielsh@apache.org> | 2020-03-07 21:36:46 +0000 |
commit | 6fc8e8628f9c3da6e4b83c3de67e44376708cbcb (patch) | |
tree | c711b1d53564bcca757799e1d734e24859c5f32e /NEWS | |
parent | 0d3d07c56f75064310271bf4469c5c9c13145d58 (diff) | |
parent | dd50f125b5eb65896642d2ff664adefd33f1004c (diff) | |
download | zsh-6fc8e8628f9c3da6e4b83c3de67e44376708cbcb.tar.gz zsh-6fc8e8628f9c3da6e4b83c3de67e44376708cbcb.zip |
Merge remote-tracking branch 'origin/master' into 5.9
* Test/D02glob.ztst:
On the "unreadable directories can be globbed (users/24619, users/24626)"
test, resolve conflicts by removing the Cygwin-only skip that has been added
in master, since the test is passing on this branch. This effectively reverts
workers/45492. See discussion starting in workers/45504.
* origin/master:
unposted: Remove 'sgi', as that OpenBSD port has been discontinued.
45509: fix typos in B01cd.ztst
45490 (+45495 and a test): refactor rlimits.c
github #49: Fix typo: longson should be loongson
users/24710: Fix job control problem with sudo.
45492: skip test added by users/24633 on Cygwin
45488: COMP_WORDS for bash need "$@"-style quoting
45487: Missing mod_export declarations for AIX
45447: Complete vcs_info_hookadd and vcs_info_hookdel. Expose _vcs_info_hooks as a top-level helper function.
45463: test: kill: Document why we use SIGURG
45453: builtins: kill: Do not signal current process group when pid is empty
45452: builtins: kill: Add `kill ''` regression test with explicit sigspec
45451: builtins: kill: Add basic test suite
github #48/0002: vcs_info git: properly detect bare repositories
github #48/0001: vcs_info git: avoid warnings in bare repositories
unposted: Post-release version bump
unposted: Release 5.8
CVE-2019-20044: Update change log for preceding commits
Update NEWS/README
Add unsetopt/PRIVILEGED tests
Clean up error-message white space
Improve PRIVILEGED fixes (again)
Improve PRIVILEGED fixes
Drop privileges securely
unposted: V01zmodload: Fix failing test from workers/45385
45423: _su: Improve arg handling, shell look-ups
unposted: _zip: Recognise '--'
45385: Add a test for 'zmodload -Fa' preemptively disabling ("blacklisting"?) features.
unposted: Test release: 5.7.1-test-3
zsh/system: Fix infinite loop in sysread
_diff_options: Restore -w completion lost in workers/43351
unposted: Fix ChangeLog typo.
45368: Add tests for workers/45367's issue about double slashes in 'cd -P' and /home/daniel/in/zsh.
45373: Fix ERR_EXIT bug in else branch of if.
45372: Record a symlink loop bug involving :P
45365: _git: Fix __git_recent_branches for the case when a commit has an empty message
45343: Queue signals around arithmetic evaluations
45344: Document where third-party completion functions should be installed.
45345: internal: ztst.vim: Fix highlighting of zsh comments in test payload
unposted: internal: Add some comments and fix indentation. No functional change.
45340: internal: Document the difference between paramtab and realparamtab.
45332: _git: add completion for git-version
_brace_parameter: add missing \
Conflicts:
ChangeLog
Test/D02glob.ztst
Test/V01zmodload.ztst
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 18 |
1 files changed, 16 insertions, 2 deletions
@@ -4,8 +4,22 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH Note also the list of incompatibilities in the README file. -Changes since 5.7.1 -------------------- +Changes since 5.7.1-test-3 +-------------------------- + +CVE-2019-20044: When unsetting the PRIVILEGED option, the shell sets its +effective user and group IDs to match their respective real IDs. On some +platforms (including Linux and macOS, but not FreeBSD), when the RUID and +EUID were both non-zero, it was possible to regain the shell's former +privileges by e.g. assigning to the EUID or EGID parameter. In the course +of investigating this issue, it was also found that the setopt built-in +did not correctly report errors when unsetting the option, which +prevented users from handling them as the documentation recommended. +setopt now returns non-zero if it is unable to safely drop privileges. +[ Reported by Sam Foxman <samfoxman320@gmail.com>. ] + +Changes from 5.7.1 to 5.7.1-test-3 +---------------------------------- The zsh/zutil module's zparseopts builtin learnt an -F option to abort parsing when an unrecognised option-like parameter is encountered. |
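Review bot: The closing sentence of the new CVE-2019-20044 entry ("setopt now returns non-zero if it is unable to safely drop privileges") does not say what state the shell is left in when that happens, that is, whether PRIVILEGED stays set and whether the effective IDs are unchanged. Since the entry itself notes that users were previously unable to handle these errors "as the documentation recommended", it would help to add one sentence telling callers to check the return status after unsetting PRIVILEGED and what they can assume on failure. The entry also names only the setopt built-in, while the merged log lists "Add unsetopt/PRIVILEGED tests"; if unsetopt reports the failure the same way, name it here too so readers who use that form know the fix covers them. Finally, "On some platforms (including Linux and macOS, but not FreeBSD)" lists examples only; if the set of affected platforms is known, stating how it was determined would let packagers for other systems judge their exposure.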